CVE-2015-0313
published 2015-02-02


Priority: P192 critical
CVSS 3.1: 9.8
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-05-04
Exploited in the wild
EPSS: 95.68% (99.9th percentile)
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Affected

27 ranges · showing 25

Vendor     Product                   Version range              Fixed in
adobe      flash_player              < 11.2.202.442             11.2.202.442
adobe      flash_player              < 13.0.0.269               13.0.0.269
adobe      flash_player              <= 13.0.0.264
adobe      flash_player              <= 11.2.202.440
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player
adobe      flash_player              >= 14.0.0.125 < 16.0.0.305 16.0.0.305
microsoft  internet_explorer
microsoft  internet_explorer
opensuse   evergreen
opensuse   opensuse
opensuse   opensuse
suse       linux_enterprise_desktop

Detection & IOCs (extracted from sources)

version: Flash Player 16.0.0.296
version: Flash Player 16.0.0.305
  • CVE-2015-0313 was actively exploited via drive-by-download attacks specifically targeting systems running Internet Explorer and Firefox on Windows 8.1 and below.
  • CVE-2015-0313 was delivered via malvertising — booby-trapped ads uploaded to online ad networks — as the initial infection vector.
  • CVE-2015-0313 was exploited by the Hanjuan Exploit Kit (also initially attributed to Angler EK); detections should look for Hanjuan, Angler, and Fiesta EK traffic patterns.
  • The exploit for CVE-2015-0313 was confirmed unable to escape the Google Chrome sandbox; detections and incident response should focus on Internet Explorer and Firefox process trees, not Chrome.
  • CVE-2015-0313 was observed as a zero-day as early as December 2014, meaning exposure predates the February 2015 patch; retrospective log review should cover that window.
  • Attribution of the exploit kit initially shifted; early reporting named Angler EK but was later revised to Hanjuan EK as the primary actor exploiting CVE-2015-0313.

CVSS provenance

nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd v2.0 10.0 CRITICAL AV:N/AC:L/Au:N/C:C/I:C/A:C
osv 9.8 CRITICAL
vulncheck 9.8 CRITICAL
cisa 9.8 CRITICAL
vendor_redhat 9.8 CRITICAL